Tag: mobile security

Apple has banned Westpac bank’s mobile payments feature, which allowed customers to make payments through messaging apps including Snapchat, Whatsapp and Facebook Messenger.

While it’s confirmed that Apple has ordered Westpac to remove the mobile payments feature, it is yet to be confirmed what the exact reasoning is for this decision.

Westpac has confirmed with its customers that the recently-launched Keyboard feature would be removed from July, despite it already being installed by tens of thousands of customers. More than that, Westpac had previously addressed security concerns with Apple, regarding the payment feature, prior to its launch in March.

Additionally, the decision comes only months after the Australian Competition and Consumer Commission (ACCC) denied an application by NAB, CBA and Westpac to collectively negotiate with Apple over access to Apple Pay and the NFC contactless payments features on iPhones. This means that the banks cannot offer their own digital wallets on the iPhone and so far ANZ is the only one of the four major banks to strike a deal with Apple to offer Apple Pay to customers.

The bank will still be offering its Keyboard feature to Android users in the coming months.

When it comes to PCI DSS compliance, most organizations consider it as a one-off task, something to complete – often only after the Acquiring Banks ask to do so – and forget about once the compliance has been validated. The problem is that compliance audits only prove best-practice during a snapshot in time, and most organizations fail to maintain best-practice after they have passed the audit. It has been found that most, if not all, organizations that were supposedly PCI DSS compliant were found to no longer be compliant at the moment they were compromised.

The analysis, however, points out that most merchants will receive value for their investment. Consequently, Juniper Research believes that extra effort is needed in educating merchants on the benefits of FDP (fraud detection and prevention).

The research points out that CNP physical goods sales are especially vulnerable to fraud, where loses will reach USD 14.8 billion annually in 2022. In spite of these figures, retailers are unwilling to impose rigorous ID checks on pick-up, fearing that this practice would damage the consumer experience and affect conversion rates.

Finally, the research argues that machine learning will be a key tool in identifying genuine users and combating fraud in 2018. At the same time, the ecommerce market will rely on 3DS 2.0 and biometrics.

A wonderful thanks once again to Anand Sanwal and the team at CBInsights for great data.

CB Insights has been used data to identify over 80 private companies in cybersecurity that are using AI and categorized them into the nine main areas in which they operate. Two unicorn companies valued at over $1B are included in the map: the automated endpoint protection company Tanium and the predictive intelligence company Cylance.

Scroll down to see the market map and full table of companies included.

Category Breakdown

Anti Fraud & Identity Management: This is the most populated category within the cybersecurity AI market. Startups in this category mainly help secure online transactions by identifying fraudsters. For example, the company FeedZai utilizes machine learning algorithms to proactively detect fraud in financial transactions. Similarly, companies like Socure can detect fraudulent users on websites and in mobile applications also using machine-learning algorithms.

Mobile Security: Included in this category are startups such as Appthority, which provides a cloud-based platform that automatically identifies and grades risky behavior in mobile apps including known and unknown malware, new malware used in targeted attacks, corporate data ex-filtration, and intellectual property exposure. Similarly, Skycure’s predictive technology leverages massive crowd knowledge to proactively identify threats to secure mobile devices.

Predictive Intelligence: Companies such as the unicorn company Cylance aim to couple sophisticated math and machine learning with a unique understanding of a hacker’s mentality, and by doing so offer technology and services that are predictive and preventive against advanced cyber threats. Likewise, the company SentinelOne uses predictive execution modeling to detect and protect network devices against targeted, previously unknown threats in real time.

Behavioral Analytics / Anomaly Detection: Startups in this category include Darktrace which uses advanced mathematics and machine learning to detect anomalous behavior in organizations’ systems and networks in order detect cyber-attacks. Unlike software that puts locks on doors, Darktrace’s approach allows enterprises to protect their information and intellectual property from state sponsored, criminal groups or malicious employees who are already inside the network as well as from external attacks. Companies such as BehavioSec offer a behavioral biometric systems that creates digital fingerprints from an end-user’s behavior through monitored keystrokes, mouse behavior, and anomaly detection to ensure security of IT organizations, e-commerce, and more.

Automated Security: Startups in this category include unicorn company Tanium, which couples an application of AI known as natural language processing with endpoint protection on a massive scale. Tanium empowers security and IT operations teams to ask questions about the state of every endpoint across the enterprise in plain English, automatically retrieve data on their current and historical state, and execute change as necessary within seconds. Other companies include Demisto which offers systems that are designed to automate security tasks across 100+ security products and weave human analyst activities and workflows together.

Cyber-Risk Management: Companies in this category range from cyber-insurance oriented companies to those that are security policy and compliance focused. For example, Cyence empowers the insurance industry to understand the impact of cyber risk in the context of dollars and probabilities. Other companies include Cybersaint, which offers solutions for streamlining the cyber-risk compliance process. Slightly different, but still within the business of managing cyber risk is the company Wiretap, which helps secure enterprise social networks, as well as collaboration tools, by securing against intellectual property and confidential data leaks, insider threats, HR policy violations, compliance issues, and external sharing risks.

App Security: Companies in this category are focused on securing specific enterprise applications rather than entire networks. This includes both web-based and dev-ops oriented applications, and more. This category includes companies such as Authbase, which provides frameworks to help developers secure applications by finding, fixing, and monitoring web, mobile, and networks against current and future vulnerabilities; the company Cryptosense, whose software employs a unique mix of formal analysis and machine learning to find security flaws in cryptographic systems; and Cyber 20/20, which monitors network traffic for suspicious activity within applications and automatically submits them to a machine learning platform, where they are analyzed and shown to be malicious or not.

IoT Security: These startups include SparkCognition, which develops AI-powered asset-protection software for the safety, security, and reliability of the IoT. Bastille Networks utilizes machine learning algorithms to secure the IoT on corporate campuses by identifying airborne threats such as hidden recording devices or transmitters in a conference room, and allow for a preemptive response to data theft. CUJO is a smart firewall that protects a user’s connected home from criminal hackers by using a combination of cloud services, machine learning, and mobile apps to manage the network.

Deception Security: illusive networks provides solutions that combat Advanced Persistent Threats by proactively deceiving and disrupting in progress attacks. CyberFog (dba CyberSwarm) offers a deception tool that detects and fights cyber attacks by creating a neural network of thousands of fake computers, devices, and services that act like a fog and work under the supervision of machine learning algorithms.

Market Map

Click on the image below to enlarge. Categories are not mutually exclusive and companies may operate across multiple categories. This market map is not meant to be exhaustive of companies in the space. See the full list of companies below the category breakdown.